CVE-2022-4743Missing Release of Memory after Effective Lifetime in Simple Directmedia Layer

CWE-401Missing Release of Memory after Effective Lifetime7 documents7 sources
Severity
7.5HIGHNVD
EPSS
0.0%
top 87.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Libsdl Simple Directmedia LayerRedhat Enterprise Linux
Timeline
PublishedJan 12

Description

A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDlibsdl/simple_directmedia_layer2.0.42.26.0

Also affects: Enterprise Linux 9.0

Patches

Patch: bugzilla.redhat.comPatch: github.comPatch: github.com

🔴Vulnerability Details

3
OSV
CVE-2022-4743: A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles2023-01-12
CVEList
CVE-2022-4743: A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles2023-01-12
GHSA
GHSA-94g7-4r7x-4rfv: A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles2023-01-12

📋Vendor Advisories

3
Microsoft
A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability 2023-01-10
Red Hat
SDL2: memory leak in GLES_CreateTexture() in render/opengles/SDL_render_gles.c2022-09-21
Debian
CVE-2022-4743: libsdl2 - A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() fun...2022
CVE-2022-4743 — Simple Directmedia Layer vulnerability | cvebase